Mouws/protonmail-bridge-nextcoud-podman
1
0
Fork 1
mirror of https://github.com/shenxn/protonmail-bridge-docker.git synced 2026-03-26 21:35:58 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

ci: update build workflow for GHCR, remove DockerHub

Browse Source
This commit is contained in:
Trent Maetzold 2026-03-11 11:47:46 -05:00
parent 80c7e31b19
commit aac8004a51
1 changed files with 20 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
.github/workflows/build.yaml vendored
View File

@ -13,9 +13,7 @@ on:
workflow_dispatch: workflow_dispatch:
env: env:
GHCR_REPO: shenxn/protonmail-bridge-docker GHCR_REPO: ghcr.io/trent-maetzold/protonmail-bridge
DOCKERHUB_REPO: shenxn/protonmail-bridge
DOCKER_REPO_DEV: ghcr.io/shenxn/protonmail-bridge
PLATFORMS: linux/amd64,linux/arm64/v8,linux/arm/v7,linux/riscv64 PLATFORMS: linux/amd64,linux/arm64/v8,linux/arm/v7,linux/riscv64
jobs: jobs:
@ -24,18 +22,16 @@ jobs:
if: github.ref != 'refs/heads/master' if: github.ref != 'refs/heads/master'
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@master uses: actions/checkout@v4
- name: Set version - name: Set version
id: version run: echo "version=$(cat VERSION)" >> $GITHUB_ENV
run: echo "version=`cat VERSION`" >> $GITHUB_ENV
- name: Docker meta - name: Docker meta
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@v5
with: with:
images: | images: ${{ env.GHCR_REPO }}
${{ env.DOCKER_REPO_DEV }}
- name: Login to GHCR - name: Login to GHCR
uses: docker/login-action@v3 uses: docker/login-action@v3
@ -49,22 +45,21 @@ jobs:
with: with:
driver-opts: network=host driver-opts: network=host
- name: Build and push by digest - name: Build and push
id: build
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
outputs: type=image,"name=${{ env.DOCKER_REPO_DEV }}",push-by-digest=false,name-canonical=true,push=true
context: ./build context: ./build
file: ./build/Dockerfile file: ./build/Dockerfile
tags: "${{ env.DOCKER_REPO_DEV }}:dev-${{ github.ref_name }}" tags: "${{ env.GHCR_REPO }}:dev-${{ github.ref_name }}"
push: true
build-args: | build-args: |
version=${{ env.version }} version=${{ env.version }}
- name: Run Trivy vulnerability scan - name: Run Trivy vulnerability scan
uses: aquasecurity/trivy-action@0.30.0 uses: aquasecurity/trivy-action@0.30.0
with: with:
image-ref: "${{ env.DOCKER_REPO_DEV }}:dev-${{ github.ref_name }}" image-ref: "${{ env.GHCR_REPO }}:dev-${{ github.ref_name }}"
format: 'sarif' format: 'sarif'
exit-code: 0 exit-code: 0
severity: 'CRITICAL,HIGH' severity: 'CRITICAL,HIGH'
@ -88,7 +83,7 @@ jobs:
- linux/riscv64 - linux/riscv64
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@master uses: actions/checkout@v4
- name: Prepare - name: Prepare
run: | run: |
@ -96,22 +91,13 @@ jobs:
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
- name: Set version - name: Set version
id: version run: echo "version=$(cat VERSION)" >> $GITHUB_ENV
run: echo "version=`cat VERSION`" >> $GITHUB_ENV
- name: Docker meta - name: Docker meta
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@v5
with: with:
images: | images: ${{ env.GHCR_REPO }}
${{ env.DOCKERHUB_REPO }}
${{ env.GHCR_REPO }}
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Login to GHCR - name: Login to GHCR
uses: docker/login-action@v3 uses: docker/login-action@v3
@ -132,14 +118,9 @@ jobs:
with: with:
platforms: ${{ matrix.platform }} platforms: ${{ matrix.platform }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
outputs: type=image,"name=name=${{ env.DOCKERHUB_REPO }},${{ env.GHCR_REPO }}",push-by-digest=true,name-canonical=true,push=false outputs: type=image,"name=${{ env.GHCR_REPO }}",push-by-digest=true,name-canonical=true,push=true
context: ./build context: ./build
file: ./build/Dockerfile file: ./build/Dockerfile
tags: |
"${{ env.DOCKERHUB_REPO }}:build"
"${{ env.DOCKERHUB_REPO }}:${{ env.version }}-build"
"${{ env.GHCR_REPO }}:build"
"${{ env.GHCR_REPO }}:${{ env.version }}-build"
provenance: false provenance: false
sbom: false sbom: false
build-args: | build-args: |
@ -159,12 +140,14 @@ jobs:
if-no-files-found: error if-no-files-found: error
retention-days: 1 retention-days: 1
merge: merge:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: needs:
- build - build
steps: steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download digests - name: Download digests
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4
with: with:
@ -173,14 +156,7 @@ jobs:
merge-multiple: true merge-multiple: true
- name: Set version - name: Set version
id: version run: echo "version=$(cat VERSION)" >> $GITHUB_ENV
run: echo "version=`cat VERSION`" >> $GITHUB_ENV
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Login to GHCR - name: Login to GHCR
uses: docker/login-action@v3 uses: docker/login-action@v3
@ -198,29 +174,26 @@ jobs:
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@v5
with: with:
images: | images: ${{ env.GHCR_REPO }}
${{ env.DOCKERHUB_REPO }}
${{ env.GHCR_REPO }}
tags: | tags: |
type=raw,enable=true,value=${{ env.version }}-build type=raw,enable=true,value=${{ env.version }}-build
type=raw,enable=true,suffix=,value=build type=raw,enable=true,value=build
- name: Create manifest list and push - name: Create manifest list and push
working-directory: ${{ runner.temp }}/digests working-directory: ${{ runner.temp }}/digests
run: | run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.DOCKERHUB_REPO }}@sha256:%s ' *)
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.GHCR_REPO }}@sha256:%s ' *) $(printf '${{ env.GHCR_REPO }}@sha256:%s ' *)
- name: Run Trivy vulnerability scan - name: Run Trivy vulnerability scan
uses: aquasecurity/trivy-action@0.30.0 uses: aquasecurity/trivy-action@0.30.0
with: with:
image-ref: "${{ env.DOCKERHUB_REPO }}:${{ env.version }}-build" image-ref: "${{ env.GHCR_REPO }}:${{ env.version }}-build"
format: 'sarif' format: 'sarif'
exit-code: 0 exit-code: 0
severity: 'CRITICAL,HIGH' severity: 'CRITICAL,HIGH'
output: 'trivy-results.sarif' output: 'trivy-results.sarif'
- name: Upload Trivy scan SARIF report - name: Upload Trivy scan SARIF report
uses: github/codeql-action/upload-sarif@v3 uses: github/codeql-action/upload-sarif@v3
with: with:
@ -228,5 +201,4 @@ jobs:
- name: Inspect image - name: Inspect image
run: | run: |
docker buildx imagetools inspect ${{ env.DOCKERHUB_REPO }}:${{ steps.meta.outputs.version }}
docker buildx imagetools inspect ${{ env.GHCR_REPO }}:${{ steps.meta.outputs.version }} docker buildx imagetools inspect ${{ env.GHCR_REPO }}:${{ steps.meta.outputs.version }}